| 1 |
On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote |
| 2 |
> On 12/27/2012 10:59 PM, Walter Dnes wrote: |
| 3 |
> > |
| 4 |
> > Here's my revised "Paranoia Plus" ruleset. Any comments? Because I'm |
| 5 |
> > behind a NAT-ing ADSL router/modem, many of my rules rarely see hits. |
| 6 |
> > However, I do have a backup dialup connection in case of problems, so |
| 7 |
> > most of my rules don't specify the network interface. A couple of |
| 8 |
> > notes... |
| 9 |
> > |
| 10 |
> |
| 11 |
> I did a bunch of inline comments below as I was trying to understand the |
| 12 |
> rules. At the end I give the tl;dr, but maybe the inline comments are |
| 13 |
> useful too. |
| 14 |
|
| 15 |
Thanks. My ruleset has accumulated years of cruft. I should really |
| 16 |
sit down and rewrite the thing from square 1. I have one comment. You |
| 17 |
show what appears to be a bash script for setting up the rules. I work |
| 18 |
with the contents of file /var/lib/iptables/rules-save instead. |
| 19 |
|
| 20 |
-- |
| 21 |
Walter Dnes <waltdnes@××××××××.org> |
| 22 |
I don't run "desktop environments"; I run useful applications |
Archives